[xmlsec] Re: Verification of digitalSignature

Aleksey Sanin aleksey at aleksey.com
Mon Apr 22 08:41:37 PDT 2002 

Hi, Henning,

Unix is not a requirement for XMLSec library however, I've not tried
it on Windows myself so I have no idea will it work or not.
And defenetly Unix is not a requirement for test.pl script :)
To run it from Windows you need to install any Perl for Windows
(for example, ActivePerl).
I am not sure I clear understand what do you mean by "run perl script
from html page".  If you want to submit a form from html page
then probably you can take a look at the source code of my page
    http://www.aleksey.com/xmlsec/xmldsig-verifier.html
It does exactly this!

With best regards,

Aleksey.

BTW, I've created a mailing list for xmlsec library
    http://www.aleksey.com/pipermail/xmlsec/2002/thread.html
and I've copied my reply to this list. I would prefer to continue
discussion in this list.
   

Henning Petersson (SEM) wrote:

>Hi again Aleksey.
>
>I was wondering how the test.pl works (the file that lets you use the onlineverifier from other sites). I already have a perl-script and thus I would like to connect test.pl to my script. How do I run the test.pl script? from a html-page or from UNIX. I dont use UNIX - can I still use the script? Is UNIX a requirement to install and use the XMLSEC Library? 
>
>I'm using my own tool to produce the signature. It's implemented in a mobile phone.
>
>Thanks for having the time for these answers.
>
>/Henning
>
>
>-----Original Message-----
>From: Aleksey Sanin [mailto:aleksey at aleksey.com]
>Sent: Wednesday, April 17, 2002 5:45 PM
>To: Henning Petersson (SEM)
>Subject: Re: Verification of digitalSignature
>
>
>Hi, Henning!
>
>You are absolutelly right, the RSA signature fails. The reason for this 
>is that
>the signature size (24 bytes) is different from the expected for this 
>RSA key
>(36 bytes). The only reason I can imagine is that the signature was 
>generated
>using different key. What tool did you use to produce this siganture?
>
>
>Aleksey.
>
>
>
>
>Henning Petersson (SEM) wrote:
>
>>Hi Mr. Aleksey
>>
>>My name is Henning and I'm currently finishing my Master Thesis in computer Science at Ericsson. I was wondering if you could help me out with a problem I'm having.
>>
>>When I use your Online Verifier (which is a very good application btw) I get the following result:
>>
>>= SIGNATURE (validate)
>>== result: FAIL
>>== sign method: http://www.w3.org/2000/09/xmldsig#rsa-sha1
>>== KEY
>>=== method: RSAKeyValue
>>=== key name: NULL
>>=== key type: Public
>>=== key origin:
>>== start buffer:
>><SignedInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
>><CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"></CanonicalizationMethod>
>><SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"></SignatureMethod>
>><Reference URI="#signed">
>><Transforms>
>><Transform Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"></Transform>
>></Transforms>
>><DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></DigestMethod>
>><DigestValue>A56AM+yyp2LVbd6bw/dMr0bt+Fw=</DigestValue>
>></Reference>
>></SignedInfo>
>>== end buffer
>>== SIGNED INFO REFERENCES
>>=== REFERENCE 
>>==== ref type: SignedInfo Reference
>>==== result: OK
>>==== digest method: http://www.w3.org/2000/09/xmldsig#sha1
>>==== uri: #signed
>>==== type: NULL
>>==== id: NULL
>>==== start buffer:
>><payment Id="signed">
>><pgbg>bg</pgbg>
>><pgbgnr>57311</pgbgnr>
>><account>996.123.345-2</account>
>><amount>2000000</amount>
>><date>20020617</date>
>><note>Porsche payment</note>
>><ocrmess>ocr</ocrmess>
>><ocrmesstxt>192363</ocrmesstxt>
>></payment>
>>==== end buffer:
>>
>>It seems that the reference digest was correct since result : OK below REFERENCES. Is that so? So what part went wrong? Did the RSA fail?
>>I received my private and public key from openssl. Do you see any obvious errors?
>>
>>I would be most greatful if you might be able to help. THANKS
>>
>>/Henning
>>
>>Below is a copy of what I'm pasting in the online verifier (the signed document).
>>
>>----
>>
>><?xml version="1.0"?>
>><submitted>
>><payment Id="signed">
>><pgbg>bg</pgbg>
>><pgbgnr>57311</pgbgnr>
>><account>996.123.345-2</account>
>><amount>2000000</amount>
>><date>20020617</date>
>><note>Porsche payment</note>
>><ocrmess>ocr</ocrmess>
>><ocrmesstxt>192363</ocrmesstxt>
>></payment>
>>
>><Signature Id="XFormsSignature" xmlns="http://www.w3.org/2000/09/xmldsig#">
>><SignedInfo>
>><CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"></CanonicalizationMethod>
>><SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"></SignatureMethod>
>><Reference URI="#signed">
>><Transforms>
>><Transform Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"></Transform>
>></Transforms>
>><DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></DigestMethod>
>><DigestValue>A56AM+yyp2LVbd6bw/dMr0bt+Fw=</DigestValue>
>></Reference>
>></SignedInfo>
>><SignatureValue>nWXVPm7JaFAql9WBS4OM/oRb/sCLbbHw=</SignatureValue>
>><KeyInfo>
>><KeyValue>
>><RSAKeyValue>
>><Modulus>wM+7YslLCzSbOZBvmbQS5w0wjC+jxGeE9PnPGdhvEyjzADvs=</Modulus>
>><Exponent>AQAB</Exponent>
>></RSAKeyValue>
>></KeyValue>
>></KeyInfo>
>></Signature>
>></submitted>
>>----
>>

More information about the xmlsec mailing list